Achieving enterprise security to support agency services

Increased connectivity has transformed and improved access to government. Citizens today can connect with government agencies and leaders in ways that were unimaginable just a few years ago.

This connectivity, however, has also increased the importance and complexity of our shared risk. Ever-increasing cyberattacks on federal government networks are growing more sophisticated, aggressive and dynamic. It is paramount that as the government continually provides essential services to the public, agencies safeguard information from theft and networks and systems from attacks while protecting individual privacy, civil rights and civil liberties.

In order to provide for effective and efficient information for citizens and businesses online and in real time, agencies are taking advantage of applications that allow ongoing visibility into threats, vulnerabilities and incidents on their networks. The government's use of this category of applications is central to the Department of Homeland Security's Continuous Diagnostics and Mitigation program -- a dynamic approach to fortifying the cybersecurity of computer networks and systems.

The CDM program provides capabilities and tools that enable network administrators to see the state of their respective networks at any given time, understand the relative risks and threats, and help system administrators identify and mitigate flaws at near-network speed.

DHS established the CDM program to support government efforts to provide adequate risk-based and cost-effective cybersecurity. CDM -- which is also available to state, local and tribal government entities -- provides stakeholders with the tools they need to protect their networks and enhance their ability to identify and mitigate cyber threats. It also offers a path to providing greater intelligence about enterprise security.

In addition, CDM complements the risk-based approach to security that agencies can use to ensure a comprehensive program that enables missions while effectively safeguarding assets, relying on National Institute of Standards and Technology guidance for implementation across a broad range of agency activities.

Even with strong efforts across the government, the Government Accountability Office and inspectors general offices report that security continues to be a challenge for federal agencies. That reinforces the strong support across the federal government for CDM and its call for more automated and proactive approaches to controlling and protecting federal data and systems, which departments, agencies and component levels all need to accelerate their move to enterprise security intelligence.

CDM enables agencies to move from a reactive manual approach, which relies on often-heroic human actions to protect federal data and systems, to one of predictive and automated security analytics, where data and systems are protected by automated decision-making and leveraging the human knowledge to make sound security decisions based on risk, vulnerabilities and consequences.

A holistic, intelligent approach to security that helps organizations combat the increase of cyberattacks, insider threats and advanced persistent threats provides the enterprise security that most organizations have found elusive to date. This approach relies on an architecture for security intelligence operations that comply with the increase of mandates and federal regulations. Such an effort also correlates assets, threats and vulnerabilities to create situational awareness for sound risk management decisions.

To implement this approach, agencies benefit from solutions that can efficiently process billions of events from multiple devices and transform them into actionable incidents based on risk and threat analysis. By doing so, enterprises can actively and accurately predict, prevent, react to and remediate security risks in their organization, ultimately achieving a more "intelligent" approach to managing security that automates and streamlines systems and security management to lower the total cost of managing IT assets -- securing mobile devices, laptops, desktops and servers that are physical or virtual, on or off network, personal or corporate-owned.

This enterprise strategy for security makes new technologies, such as cloud and mobile, more secure -- especially when coupled with agency actions to assess their security posture, develop a strategy, design a strategic architecture, implement security and privacy controls, and manage the solutions. As this real-time, continuous diagnostics and mitigation approach matures and is integrated with sustained attention to risk-based approaches to managerial and operational controls, agencies will be able to more effectively address the challenges of securing their people, data, applications, transactions and infrastructure.

About the Authors

Dan Chenok is executive director of the IBM Center for the Business of Government.

John Lainhart leads IBM's Public Sector Cybersecurity and Privacy Services.